[Mono-bugs] [Bug 594110] New: SSL X.509 SubjectAltNameExtension does not work with more than 1 value (breaks HttpWebRequest)

Tue Apr 6 15:03:17 EDT 2010

http://bugzilla.novell.com/show_bug.cgi?id=594110

http://bugzilla.novell.com/show_bug.cgi?id=594110#c0

           Summary: SSL X.509 SubjectAltNameExtension does not work with
                    more than 1 value (breaks HttpWebRequest)
    Classification: Mono
           Product: Mono: Class Libraries
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Mono.Security
        AssignedTo: spouliot at novell.com
        ReportedBy: greg.smolyn at strangeloopnetworks.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---

Created an attachment (id=352668)
 --> (http://bugzilla.novell.com/attachment.cgi?id=352668)
Test project that breaks the X509 parsing

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us)
AppleWebKit/533.4+ (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7

The HttpWebRequest is unable to connect to SSL sites when the certificate has
more than 1 entry in the SubjectAltNameExtension, such as :

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: foo.bar
  DNSName: www.foo.bar
]

I've attached a test case (which contains a cert file) that breaks the X509
Certificate parser.

Reproducible: Always

Steps to Reproduce:
1. Connect to an SSL site with this cert, or just attempt to parse this cert
extension directly
2.Exception is thrown
3.
Actual Results:  
Exception thrown

Expected Results:  
No exception

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.